{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "coreutils", "libpam-systemd", "libsystemd-shared", "libsystemd0", "libudev1", "snapd", "systemd", "systemd-dev", "systemd-resolved", "systemd-sysv", "systemd-timesyncd", "ubuntu-drivers-common", "udev" ] } }, "diff": { "deb": [ { "name": "coreutils", "from_version": { "source_package_name": "coreutils", "source_package_version": "9.4-3ubuntu6.1", "version": "9.4-3ubuntu6.1" }, "to_version": { "source_package_name": "coreutils", "source_package_version": "9.4-3ubuntu6.2", "version": "9.4-3ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2137373 ], "changes": [ { "cves": [], "log": [ "", " * Fix slow performance of 'du' on large directories (>= 10K files)", " on Lustre filesystems by skipping inode sorting. The default", " behaviour of sorting dirents by inode numbers negatively impacts", " performance on Lustre because it interferes with Lustre's ability", " to prefetch file metadata via statahead. (LP: #2137373)", " - d/p/lp2137373-skip-dirent-inode-sorting-for-lustre.patch", "" ], "package": "coreutils", "version": "9.4-3ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2137373 ], "author": "Munir Siddiqui ", "date": "Fri, 23 Jan 2026 18:30:04 +0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd-shared", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.73+ubuntu24.04", "version": "2.73+ubuntu24.04" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.73+ubuntu24.04.2", "version": "2.73+ubuntu24.04.2" }, "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd in Ubuntu on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is enabled to automatically clean up this directory.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:00:00 UTC" }, { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd in Ubuntu on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is enabled to automatically clean up this directory.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd in Ubuntu on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is enabled to automatically clean up this directory.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:00:00 UTC" } ], "log": [ "", " * SECURITY REGRESSION: typo in snapd.conf", " - data/systemd-tmpfiles/snapd.conf: Fix typo in config file.", " - CVE-2026-3888", "" ], "package": "snapd", "version": "2.73+ubuntu24.04.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Eduardo Barretto ", "date": "Tue, 17 Mar 2026 20:23:18 +0100" }, { "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd in Ubuntu on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is enabled to automatically clean up this directory.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local privilege escalation", " - debian/patches/CVE-2026-3888.patch: more precise prune pattern for", " tmpfiles.", " - CVE-2026-3888", "" ], "package": "snapd", "version": "2.73+ubuntu24.04.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Eduardo Barretto ", "date": "Thu, 12 Mar 2026 12:27:32 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-dev", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-resolved", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-timesyncd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-drivers-common", "from_version": { "source_package_name": "ubuntu-drivers-common", "source_package_version": "1:0.9.7.6ubuntu3.5", "version": "1:0.9.7.6ubuntu3.5" }, "to_version": { "source_package_name": "ubuntu-drivers-common", "source_package_version": "1:0.9.7.6ubuntu3.6", "version": "1:0.9.7.6ubuntu3.6" }, "cves": [], "launchpad_bugs_fixed": [ 1920225 ], "changes": [ { "cves": [], "log": [ "", " * [ Conrad Fernandez ]", " Require root for install and autoinstall (LP: #1920225)", " with tests added", "" ], "package": "ubuntu-drivers-common", "version": "1:0.9.7.6ubuntu3.6", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1920225 ], "author": "Kuba Pawlak ", "date": "Mon, 26 Jan 2026 16:42:46 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.14", "version": "255.4-1ubuntu8.14" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "255.4-1ubuntu8.14", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:48:42 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from release image serial 20260317 to 20260324", "from_series": "noble", "to_series": "noble", "from_serial": "20260317", "to_serial": "20260324", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }